<?PHP
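// Cache policy for responses from this page.
// NOTE(review): 'private, must-revalidate' is not one of the documented
// session_cache_limiter() names (public, private_no_expire, private, nocache).
// Confirm which Cache-Control header is actually sent: this page lists account
// data and should not be kept by shared caches.
session_cache_limiter('private, must-revalidate');
session_start();

// Restrict page access: only a logged-in session whose role is 2 may continue
// (role 2 is the value this page labels "Admin" in the role selector).
// Both keys go through isset() so that a session without 'role' is rejected
// without raising an undefined-index warning ahead of the redirect header.
// The comparison is left loose because the stored role may be an int or a
// numeric string -- TODO confirm against the login code that fills the session.
if (!isset($_SESSION['user'], $_SESSION['role']) || $_SESSION['role'] != 2) {
    header('Location: index.php');
    exit; // stop here so nothing below runs for an unauthorised request
}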

include("std_dbs.php");

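// Fetch the account list shown in the admin table.
// PASSWORD is deliberately not selected: nothing on this page reads it, so the
// stored credential has no reason to leave the database.
// ROLE and USERNAME are unqualified, as in the original query.
// TODO confirm which of USERS / AUTHENTICATE they should come from.
// $connect is expected to be the Oracle connection set up by std_dbs.php.
$query = "SELECT USERS.USERID, ROLE, USERNAME, FNAME, LNAME, ZIPCODE, EMAIL, LOGINIP "
       . "FROM USERS, AUTHENTICATE "
       . "WHERE USERS.USERID = AUTHENTICATE.USERID";

$stid = oci_parse($connect, $query);
if ($stid === false) {
    // Keep driver detail in the server log; the browser only gets the generic line.
    $e = oci_error($connect);
    error_log('user list query: oci_parse failed: ' . (is_array($e) ? $e['message'] : 'no error detail'));
    echo "ERROR: error parsing query to get the list of users <br />";
    exit;
}

$ret = oci_execute($stid);
if ($ret === false) {
    // Same policy as above: log the Oracle message, do not echo it into the page.
    $e = oci_error($stid);
    error_log('user list query: oci_execute failed: ' . (is_array($e) ? $e['message'] : 'no error detail'));
    echo "ERROR: error executing query to get the list of users <br />";
    exit;
}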
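// Render one editable row per account; each row is its own form that posts to
// edituserinfo.php.
//
// Every database value is HTML-escaped before it is written into the page.
// Names, e-mail addresses and similar fields are user-supplied, and this page
// runs in an administrator's session, so unescaped output here would be a
// stored-XSS sink. ENT_QUOTES is required because the attributes below are
// single-quoted.
// NOTE(review): assumes the page is served as UTF-8 -- confirm against the
// connection character set configured in std_dbs.php.
//
// NOTE(review): these forms change roles and passwords and delete accounts, but
// no anti-CSRF token is emitted here. Confirm that edituserinfo.php verifies
// the request origin and re-checks the admin role itself.
$cell = function ($row, $key) {
    // With OCI_ASSOC alone, NULL columns are left out of the row array, so a
    // missing key is treated as an empty string.
    $value = isset($row[$key]) ? $row[$key] : '';
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

echo "<table>";
print "<tr><th>UserID</th><th>Role</th><th>Username</th><th>Change Password</th><th>Firstname</th><th>LastName</th><th>Zipcode</th><th>E-mail</th><th>Recent IP</th><th>Delete?</th><th>Update User</th></tr>";
while ($line = oci_fetch_array($stid, OCI_ASSOC)) {
    $userId = $cell($line, 'USERID');
    $role = isset($line['ROLE']) ? $line['ROLE'] : null;

    echo '<tr>';
    print "<form name='" . $userId . "' action='edituserinfo.php' method='POST'>";
    print "<td>" . $userId . "</td>";
    print "<input type='hidden' name='userid' value='" . $userId . "' />";
    print "<td><select name='role'>";
    // Pre-select the account's current role; any other value leaves the list empty.
    if ($role == 1) {
        print "<option selected='selected' value='1'>User</option><option value='2'>Admin</option>";
    } elseif ($role == 2) {
        print "<option value='1'>User</option><option selected='selected' value='2'>Admin</option>";
    }
    print "</select></td>";
    print "<td>" . $cell($line, 'USERNAME') . "</td>";
    // Left blank on purpose: the current password is never sent to the browser.
    print "<td><input type='text' name='password' /></td>";
    print "<td><input type='text' name='fname' value='" . $cell($line, 'FNAME') . "' /></td>";
    print "<td><input type='text' name='lname' value='" . $cell($line, 'LNAME') . "' /></td>";
    print "<td><input type='text' name='zipcode' size='10' value='" . $cell($line, 'ZIPCODE') . "' /></td>";
    print "<td><input type='text' name='email' value='" . $cell($line, 'EMAIL') . "' /></td>";
    print "<td>" . $cell($line, 'LOGINIP') . "</td>";
    print "<td><input type='checkbox' name='check' value='checked' /></td>";
    print "<td><input type='submit' value='Make Changes' /></td></form>";
    echo '</tr>';
}
echo "</table>";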
//print "<input type='submit' value='Make Changes' /></form>";

//print "WARNING: DELETING A USER IS NOT REVERSABLE!";

?>
